Group Signature Where Group Manager, Members and Open Authority Are Identity-Based
نویسندگان
چکیده
We present the first group signature scheme with provable security and signature size O(λ) bits where the group manager, the group members, and the Open Authority (OA) are all identity-based. We use the security model of Bellare, Shi, and Zhang [3], except to add three identity managers for manager, members, and OA respectively, and we discard the Open Oracle (OO). Our construction uses identity-based signatures summarized in Bellare, Namprempre, and Neven [2] for manager, Boneh and Franklin’s IBE [7] for OA, and we extend Bellare et al.[3]’s group signature construction by verifiably encrypt an image of the member public key, instead of the public key itself. The last innovation is crucial in our efficiency; otherwise, Camenisch and Damgard[9]’s verifiable encryption would have to be used resulting in lower efficiency.
منابع مشابه
An Identity-Based Group Signature with Membership Revocation in the Standard Model
Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager holding a tracing key can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation where the revoked member loses the capability to sign a message on...
متن کاملReal Hidden Identity-Based Signatures
Group signature allows members to issue signatures on behalf of the group anonymously in normal circumstances. When the need arises, an opening authority (OA) can open a signature and reveal its true signer. Yet, many constructions require not only the OA’s secret key but also a member database (cf. a public-key repository) in this opening. This “secret members list” put the anonymity of member...
متن کاملLinkable Democratic Group Signatures
In a variety of group-oriented applications cryptographic primitives like group signatures or ring signatures are valuable methods to achieve anonymity of group members. However, in their classical form, these schemes cannot be deployed for applications that simultaneously require (i) to avoid centralized management authority like group manager and (ii) the signer to be anonymous only against n...
متن کاملHidden Identity-Based Signatures
This paper introduces Hidden Identity-based Signatures (Hidden-IBS), a type of digital signatures that provide mediated signer-anonymity on top of Shamir’s Identity-based signatures. The motivation of our new signature primitive is to resolve an important issue with the kind of anonymity offered by “group signatures” where it is required that either the group membership list is public or that t...
متن کاملEecient Group Signature Schemes for Large Groups
A group signature scheme allows members of a group to sign messages on the group's behalf such that the resulting signature does not reveal their identity. Only a designated group manager is able to identify the group member who issued a given signature. Previously proposed realizations of group signature schemes have the undesirable property that the length of the public key is linear in the s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2005 شماره
صفحات -
تاریخ انتشار 2005